The following ruleset fails to be merged using set + concatenation:
meta iifname eth1 ip saddr 1.1.1.2 ip daddr 2.2.3.0/24 accept
meta iifname eth1 ip saddr 1.1.1.2 ip daddr 2.2.4.0-2.2.4.10 accept
hitting the following assertion:
nft: optimize.c:585: __merge_concat_stmts: Assertion `0' failed.
Abort
This patch also updates tests/shell.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
break;
case EXPR_SYMBOL:
case EXPR_VALUE:
+ case EXPR_PREFIX:
+ case EXPR_RANGE:
clone = expr_clone(stmt_a->expr->right);
compound_expr_add(concat, clone);
break;
table ip x {
chain y {
- iifname . ip saddr . ip daddr { "eth1" . 1.1.1.1 . 2.2.2.3, "eth1" . 1.1.1.2 . 2.2.2.4, "eth2" . 1.1.1.3 . 2.2.2.5 } accept
+ iifname . ip saddr . ip daddr { "eth1" . 1.1.1.1 . 2.2.2.3, "eth1" . 1.1.1.2 . 2.2.2.4, "eth1" . 1.1.1.2 . 2.2.3.0/24, "eth1" . 1.1.1.2 . 2.2.4.0-2.2.4.10, "eth2" . 1.1.1.3 . 2.2.2.5 } accept
ip protocol . th dport { tcp . 22, udp . 67 }
}
chain y {
meta iifname eth1 ip saddr 1.1.1.1 ip daddr 2.2.2.3 accept
meta iifname eth1 ip saddr 1.1.1.2 ip daddr 2.2.2.4 accept
+ meta iifname eth1 ip saddr 1.1.1.2 ip daddr 2.2.3.0/24 accept
+ meta iifname eth1 ip saddr 1.1.1.2 ip daddr 2.2.4.0-2.2.4.10 accept
meta iifname eth2 ip saddr 1.1.1.3 ip daddr 2.2.2.5 accept
ip protocol . th dport { tcp . 22, udp . 67 }
}
projects / thirdparty / nftables.git / commitdiff
